{ "name": "proofpoint_essentials", "title": "Proofpoint Essentials", "version": "1.0.0", "release": "ga", "description": "Collect logs from Proofpoint Essentials with Elastic Agent.", "type": "integration", "download": "/epr/proofpoint_essentials/proofpoint_essentials-1.0.0.zip", "path": "/package/proofpoint_essentials/1.0.0", "icons": [ { "src": "/img/proofpoint-logo.svg", "path": "/package/proofpoint_essentials/1.0.0/img/proofpoint-logo.svg", "title": "Proofpoint logo", "size": "32x32", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.18.0 || ^9.0.0" }, "elastic": { "subscription": "basic" } }, "owner": { "type": "elastic", "github": "elastic/security-service-integrations" }, "categories": [ "security" ], "signature_path": "/epr/proofpoint_essentials/proofpoint_essentials-1.0.0.zip.sig", "format_version": "3.3.2", "readme": "/package/proofpoint_essentials/1.0.0/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/proofpoint_essentials-messages-dashboard.png", "path": "/package/proofpoint_essentials/1.0.0/img/proofpoint_essentials-messages-dashboard.png", "title": "Proofpoint Essentials Messages Overview Dashboard Screenshot", "size": "600x600", "type": "image/png" }, { "src": "/img/proofpoint_essentials-clicks-dashboard.png", "path": "/package/proofpoint_essentials/1.0.0/img/proofpoint_essentials-clicks-dashboard.png", "title": "Proofpoint Essentials Clicks Overview Dashboard Screenshot", "size": "600x600", "type": "image/png" } ], "assets": [ "/package/proofpoint_essentials/1.0.0/LICENSE.txt", "/package/proofpoint_essentials/1.0.0/changelog.yml", "/package/proofpoint_essentials/1.0.0/manifest.yml", "/package/proofpoint_essentials/1.0.0/validation.yml", "/package/proofpoint_essentials/1.0.0/docs/README.md", "/package/proofpoint_essentials/1.0.0/img/proofpoint-logo.svg", "/package/proofpoint_essentials/1.0.0/img/proofpoint_essentials-clicks-dashboard.png", "/package/proofpoint_essentials/1.0.0/img/proofpoint_essentials-messages-dashboard.png", "/package/proofpoint_essentials/1.0.0/data_stream/clicks_blocked/manifest.yml", "/package/proofpoint_essentials/1.0.0/data_stream/clicks_permitted/manifest.yml", "/package/proofpoint_essentials/1.0.0/data_stream/message_blocked/manifest.yml", "/package/proofpoint_essentials/1.0.0/data_stream/message_delivered/manifest.yml", "/package/proofpoint_essentials/1.0.0/data_stream/threat/manifest.yml", "/package/proofpoint_essentials/1.0.0/data_stream/threat/routing_rules.yml", "/package/proofpoint_essentials/1.0.0/kibana/dashboard/proofpoint_essentials-6ce9c1fd-381f-4757-9747-b8fdabdde163.json", "/package/proofpoint_essentials/1.0.0/kibana/dashboard/proofpoint_essentials-d44fa085-b1b7-4f05-9a6c-9777dbe737e2.json", "/package/proofpoint_essentials/1.0.0/kibana/search/proofpoint_essentials-2d587f18-b917-41d1-9ea8-cb0b113b795a.json", "/package/proofpoint_essentials/1.0.0/kibana/search/proofpoint_essentials-70b19365-00b1-4652-afe2-cc4f8807151e.json", "/package/proofpoint_essentials/1.0.0/data_stream/clicks_blocked/fields/base-fields.yml", "/package/proofpoint_essentials/1.0.0/data_stream/clicks_blocked/fields/beats.yml", "/package/proofpoint_essentials/1.0.0/data_stream/clicks_blocked/fields/ecs.yml", "/package/proofpoint_essentials/1.0.0/data_stream/clicks_blocked/fields/fields.yml", "/package/proofpoint_essentials/1.0.0/data_stream/clicks_permitted/fields/base-fields.yml", "/package/proofpoint_essentials/1.0.0/data_stream/clicks_permitted/fields/beats.yml", "/package/proofpoint_essentials/1.0.0/data_stream/clicks_permitted/fields/ecs.yml", "/package/proofpoint_essentials/1.0.0/data_stream/clicks_permitted/fields/fields.yml", "/package/proofpoint_essentials/1.0.0/data_stream/message_blocked/fields/base-fields.yml", "/package/proofpoint_essentials/1.0.0/data_stream/message_blocked/fields/beats.yml", "/package/proofpoint_essentials/1.0.0/data_stream/message_blocked/fields/ecs.yml", "/package/proofpoint_essentials/1.0.0/data_stream/message_blocked/fields/fields.yml", "/package/proofpoint_essentials/1.0.0/data_stream/message_delivered/fields/base-fields.yml", "/package/proofpoint_essentials/1.0.0/data_stream/message_delivered/fields/beats.yml", "/package/proofpoint_essentials/1.0.0/data_stream/message_delivered/fields/ecs.yml", "/package/proofpoint_essentials/1.0.0/data_stream/message_delivered/fields/fields.yml", "/package/proofpoint_essentials/1.0.0/data_stream/threat/fields/base-fields.yml", "/package/proofpoint_essentials/1.0.0/data_stream/threat/fields/beats.yml", "/package/proofpoint_essentials/1.0.0/data_stream/threat/fields/ecs.yml", "/package/proofpoint_essentials/1.0.0/data_stream/threat/fields/fields.yml", "/package/proofpoint_essentials/1.0.0/data_stream/threat/agent/stream/cel.yml.hbs", "/package/proofpoint_essentials/1.0.0/data_stream/threat/elasticsearch/ingest_pipeline/default.yml" ], "policy_templates": [ { "name": "proofpoint_essentials", "title": "Proofpoint Essentials logs", "description": "Collect Proofpoint Essentials logs.", "inputs": [ { "type": "cel", "vars": [ { "name": "url", "type": "url", "title": "URL", "description": "URL for the Essentials Threat API. it will be in the format of `https://-siem.proofpointessentials.com`.", "multi": false, "required": true, "show_user": true }, { "name": "api_key", "type": "password", "title": "API Key", "description": "The API Key used to authenticate with the Essentials Threat API.", "multi": false, "required": true, "show_user": true }, { "name": "api_key_secret", "type": "password", "title": "API Key Secret", "description": "The API Key Secret used to authenticate with the Essentials Threat API.", "multi": false, "required": true, "show_user": true }, { "name": "proxy_url", "type": "text", "title": "Proxy URL", "description": "URL to proxy connections in the form of http[s]://:@:. Please ensure your username and password are in URL encoded format.", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" } ], "title": "Collect Proofpoint Essentials logs via API", "description": "Collecting Proofpoint Essentials logs via API." } ], "multiple": true, "deployment_modes": { "default": { "enabled": true }, "agentless": { "enabled": true } } } ], "data_streams": [ { "type": "logs", "dataset": "proofpoint_essentials.clicks_blocked", "title": "Proofpoint Essentials Clicks Blocked Events", "release": "ga", "package": "proofpoint_essentials", "elasticsearch": { "index_template.mappings": { "dynamic": true } }, "path": "clicks_blocked" }, { "type": "logs", "dataset": "proofpoint_essentials.clicks_permitted", "title": "Proofpoint Essentials Clicks Permitted Events", "release": "ga", "package": "proofpoint_essentials", "elasticsearch": { "index_template.mappings": { "dynamic": true } }, "path": "clicks_permitted" }, { "type": "logs", "dataset": "proofpoint_essentials.message_blocked", "title": "Proofpoint Essentials Messages Blocked Events", "release": "ga", "package": "proofpoint_essentials", "elasticsearch": { "index_template.mappings": { "dynamic": true } }, "path": "message_blocked" }, { "type": "logs", "dataset": "proofpoint_essentials.message_delivered", "title": "Proofpoint Essentials Messages Delivered Events", "release": "ga", "package": "proofpoint_essentials", "elasticsearch": { "index_template.mappings": { "dynamic": true } }, "path": "message_delivered" }, { "type": "logs", "dataset": "proofpoint_essentials.threat", "title": "Threat", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "cel", "vars": [ { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "How far back to pull the threats from Essentials Threat API. Supported units for this parameter are h/m/s. A maximum of 72 hours of data can be fetched.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the Essentials Threat API. Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "1h" }, { "name": "collect_customer_data", "type": "bool", "title": "Collect Customer Data", "description": "Specify whether customer threat data is returned. All customers underneath the partner will be included. Either `Collect Customer Data` or `Collect Own Data` MUST be enabled.", "multi": false, "required": true, "show_user": false, "default": false }, { "name": "collect_own_data", "type": "bool", "title": "Collect Own Data", "description": "Specify whether the organization's own threat is returned. Either `Collect Customer Data` or `Collect Own Data` MUST be enabled.", "multi": false, "required": true, "show_user": false, "default": true }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Supported time units are ns, us, ms, s, m, h.", "multi": false, "required": true, "show_user": false, "default": "30s" }, { "name": "resource_rate_limit_limit", "type": "text", "title": "Resource Rate Limit", "description": "The value of the response that specifies the maximum overall resource request rate. This controls the polling frequency.", "multi": false, "required": false, "show_user": false }, { "name": "resource_rate_limit_burst", "type": "integer", "title": "Resource Rate Limit Burst", "description": "The maximum burst size. Burst is the maximum number of resource requests that can be made above the overall rate limit.", "multi": false, "required": false, "show_user": false }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. Disabling the request tracer will delete any stored traces. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_enable) for details.", "multi": false, "required": false, "show_user": false, "default": false }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "proofpoint_essentials-threat" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": false, "show_user": true, "default": false }, { "name": "preserve_duplicate_custom_fields", "type": "bool", "title": "Preserve duplicate custom fields", "description": "Preserve proofpoint_essentials.threat fields that were copied to Elastic Common Schema (ECS) fields.", "multi": false, "required": false, "show_user": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed.", "multi": false, "required": false, "show_user": false } ], "template_path": "cel.yml.hbs", "title": "Threat", "description": "Collect Proofpoint Essential Threat logs.", "enabled": true, "ingestion_method": "API" } ], "package": "proofpoint_essentials", "elasticsearch": { "index_template.mappings": { "dynamic": true }, "ingest_pipeline.name": "default" }, "path": "threat" } ] }